home

tvnserver.exe

TightVNC

GlavSoft LLC.

This is a setup program which is used to install the application. It runs as a separate (within the context of its own process) windows Service named “TightVNC Server”. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘tvncontrol’. This is installed with multiple programs including TightVNC. The file has been seen being downloaded from 83.33.190.16 and multiple other hosts.
Publisher:
GlavSoft LLC.  (signed and verified)

Product:
TightVNC

Description:
TightVNC Server

Version:
2, 7, 10, 0

MD5:
2de8a6f622b54398412c1fd66d47b1ce

SHA-1:
fa891e3f3d8e5abd73f614bf7b01a760fb688bf2

SHA-256:
d1b7f6283a19724183e645f59b31fd7492141e592a4295963f13b38da4268932

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/16/2024 6:22:20 PM UTC  (today)

File size:
1.6 MB (1,690,096 bytes)

Product version:
2, 7, 10, 0

Copyright:
Copyright (C) 2008-2013 GlavSoft LLC.

Original file name:
tvnserver.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\tightvnc\tvnserver.exe

Digital Signature
Signed by:
GlavSoft LLC.

Authority:
Thawte, Inc.

Valid from:
3/27/2013 1:00:00 AM

Valid to:
3/30/2014 12:59:59 AM

Subject:
CN=GlavSoft LLC., O=GlavSoft LLC., L=Tomsk, S=Tomsk, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2EF2BE0C29BD08B957172FED0BE6A036

File PE Metadata
Compilation timestamp:
7/19/2013 7:11:52 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:KgNuV9+QWViocpI4vGTztBljzTViKMV+1RJuSoHk0V:nNaGViocpI4vG3tBlhiK2+I

Entry address:
0x80B3C

Entry point:
E8, BC, 2B, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, E7, 2F, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 8D, 02, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, C2, 2F, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 06, 2C, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D, C3, 8B, C1, 83, 60, 04, 00, 83, 60, 08, 00, C7, 00, C8, 35, 4C, 00, C3, 8B, FF, 55, 8B, EC, 53, 8B, 5D...
 
[+]

Code size:
775 KB (793,600 bytes)

Service
Display name:
TightVNC Server

Service name:
tvnserver

Type:
Win32OwnProcess


Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
tvncontrol

Command:
"C:\Program Files\tightvnc\tvnserver.exe" -controlservice -slave


Windows Firewall Allowed Program
Name:
C:\Programmi\TightVNC\tvnserver.exe


The file tvnserver.exe has been discovered within the following programs.

Combat Manager  by Kyle Olson
About 3% of users remove it
Snap.Do Engine  by ReSoft Ltd.
Snap.
snap.do
83% remove it
Stridon Agent  by Stridon Agent
About 4% of users remove it
TightVNC  by GlavSoft LLC.
TightVNC is a cross-platform open source remote desktop software application that uses and extends VNC's RFB protocol to control another computer's screen remotely.
www.tightvnc.com
11% remove it
 
Powered by Should I Remove It?

The file tvnserver.exe has been seen being distributed by the following 2 URLs.

http://83.33.190.16:8080/tvnserver.EXE

http://praticonet.com.br/update2011/.../tvnserver.exe&rd=2DB2224F2D8&keycli=C265153A8B&computer=pax_01

Scan tvnserver.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.